github.com/cockroachdb/cockroach@v20.2.0-alpha.1+incompatible/pkg/sql/delegate/show_role_grants.go (about) 1 // Copyright 2018 The Cockroach Authors. 2 // 3 // Use of this software is governed by the Business Source License 4 // included in the file licenses/BSL.txt. 5 // 6 // As of the Change Date specified in that file, in accordance with 7 // the Business Source License, use of this software will be governed 8 // by the Apache License, Version 2.0, included in the file 9 // licenses/APL.txt. 10 11 package delegate 12 13 import ( 14 "bytes" 15 "fmt" 16 "strings" 17 18 "github.com/cockroachdb/cockroach/pkg/sql/lex" 19 "github.com/cockroachdb/cockroach/pkg/sql/sem/tree" 20 ) 21 22 // ShowRoleGrants returns role membership details for the specified roles and grantees. 23 // Privileges: SELECT on system.role_members. 24 // Notes: postgres does not have a SHOW GRANTS ON ROLES statement. 25 func (d *delegator) delegateShowRoleGrants(n *tree.ShowRoleGrants) (tree.Statement, error) { 26 const selectQuery = ` 27 SELECT role AS role_name, 28 member, 29 "isAdmin" AS is_admin 30 FROM system.role_members` 31 32 var query bytes.Buffer 33 query.WriteString(selectQuery) 34 35 if n.Roles != nil { 36 var roles []string 37 for _, r := range n.Roles.ToStrings() { 38 roles = append(roles, lex.EscapeSQLString(r)) 39 } 40 fmt.Fprintf(&query, ` WHERE "role" IN (%s)`, strings.Join(roles, ",")) 41 } 42 43 if n.Grantees != nil { 44 if n.Roles == nil { 45 // No roles specified: we need a WHERE clause. 46 query.WriteString(" WHERE ") 47 } else { 48 // We have a WHERE clause for roles. 49 query.WriteString(" AND ") 50 } 51 52 var grantees []string 53 for _, g := range n.Grantees.ToStrings() { 54 grantees = append(grantees, lex.EscapeSQLString(g)) 55 } 56 fmt.Fprintf(&query, ` member IN (%s)`, strings.Join(grantees, ",")) 57 58 } 59 60 return parse(query.String()) 61 }